Lec 5

 What is the purpose of cryptographic parameters in SSL?

Cryptographic parameters are used to achieve message integrity and confidentiality.

 How many cryptographic secrets does SSL require?

SSL requires six cryptographic secrets: four keys and two initialization vectors (IVs).

 What does the client need in terms of cryptographic secrets?

The client needs:

 One key for message authentication.

 One key for encryption.
 One IV as the original block in calculations.

 What does the server need in terms of cryptographic secrets?

The server also needs:

 One key for message authentication.

 One key for encryption.
 One IV as the original block in calculations.

 Why are keys in one direction different from those in the other direction?
Keys for one direction are different from those in the opposite direction to ensure that if there is
an attack in one direction, the other direction remains unaffected.

From slid 21

1. What is the difference between an SSL session and a connection?

o A session is an association between a client and a server that includes shared
information like session identifier, certificates, compression methods, cipher suite,
and a master secret.
o A connection is established between two entities to exchange data and depends on
an already established session.
2. What information is shared in an SSL session?
o Session identifier
o Certificates authenticating each party (if necessary)
o Compression method (if needed)
o Cipher suite
o Master secret used to create keys for message authentication and encryption
3. What protocols does SSL define, and how are they structured?
 SSL defines four protocols in two layers:

o Record Protocol: Acts as a carrier for messages from other protocols and
application layer data. Its payloads are passed to the transport layer (usually TCP).
o ChangeCipherSpec Protocol: Signals readiness of cryptographic secrets.
o Handshake Protocol: Provides security parameters for the Record Protocol,
establishes a cipher set, provides keys, and authenticates the server and/or client
as needed.
o Alert Protocol: Reports abnormal conditions.
4. What is the role of the Record Protocol?

It carries messages from the other SSL protocols (ChangeCipherSpec, Handshake, Alert)
as well as data from the application layer. The messages are passed as payloads to the
transport layer.

5. What is the purpose of the ChangeCipherSpec Protocol?

It is used to signal the readiness of cryptographic secrets.

6. What tasks does the Handshake Protocol accomplish?

o Establishes security parameters for the Record Protocol.
o Creates a cipher suite.
o Provides keys and security parameters.
o Authenticates the server to the client and the client to the server if needed.
7. What is the purpose of the Alert Protocol?

It is used to report abnormal conditions during an SSL session or connection.

8. How do SSL sessions and connections handle cryptographic parameters?

Two random numbers are exchanged between the entities to create keys and parameters
using the master secret for authentication and privacy.

9. Can a session include multiple connections?

Yes, a session can consist of many connections. A connection can be terminated and
reestablished within the same session.

10. Is terminating a connection equivalent to terminating a session? No, terminating a

connection does not mandate terminating the session. A session can be suspended and
resumed later.
11. What are two protocols that provide security for e-mails?
o Pretty Good Privacy (PGP).
o Secure/Multipurpose Internet Mail Extension (S/MIME).
12. How is e-mail security different from protocols like SSL or IPSec?
o E-mail is a one-time activity without creating a session.
 o In SSL or IPSec, a session is created for two-way data exchange, while in e-mail,
the sender sends a message, and the receiver may read it later.
13. How do sender and receiver agree on cryptographic algorithms in e-mail security?
o The protocol defines a set of algorithms for encryption, decryption, and hashing.
o The sender includes the names (or identifiers) of the algorithms in the message.
14. What example algorithms can be used for encryption and hashing in e-mail
security?
o DES for encryption/decryption.
o MD5 for hashing.
15. How does the receiver handle cryptographic algorithms in e-mail security?
o The receiver extracts the algorithm identifiers from the message.
o Based on these identifiers, the receiver knows which algorithm to use for
decryption and hashing.
16. How are secrets established between two parties in e-mail security without
negotiation?
o Encryption and decryption are done using a symmetric-key algorithm.
o The sender (e.g., Alice) creates a one-time secret key and sends it with the
message, encrypted using the receiver's (e.g., Bob's) public key to protect it from
interception.
17. How is the secret key protected during transmission?
o The secret key is encrypted using the public key of the receiver (Bob) and sent
along with the message.
18. What type of algorithm is used for encrypting and decrypting the actual e-mail
message?
o A symmetric-key algorithm is used for encrypting and decrypting the e-mail
message.
19. What issue arises with public keys in e-mail security?
o The sender (Alice) needs the receiver's (Bob's) public key to encrypt the secret
key.
o The receiver (Bob) needs the sender's (Alice's) public key to verify a signed
message.
20. How are public keys verified in e-mail security?
o Each e-mail security protocol uses a specific method for certifying public keys to
ensure authenticity.
21. How are public keys verified in e-mail security?
o Each e-mail security protocol uses a specific method for certifying public keys to
ensure authenticity.
22. What is Pretty Good Privacy (PGP)?
o PGP is a protocol designed to create authenticated and confidential e-mails.
23. What is the simplest scenario in PGP?
o The simplest scenario is sending the e-mail message in plaintext.
24. How does PGP provide message integrity?
o Alice creates a digest of the message and signs it with her private key.
o Bob verifies the message using Alice's public key.
25. How does PGP use compression?
o PGP compresses the message to make the packet more compact, which reduces
traffic but does not add any security benefit.
26. How does PGP provide confidentiality with a one-time session key?
o Alice creates a session key and uses it to encrypt the message and digest.
o The session key itself is encrypted using Bob's public key and sent with the
message.
27. What steps does Bob take to decrypt a PGP message?
o Bob decrypts the session key using his private key.
o He uses the session key to decrypt the message and digest.
o He decompresses the message and verifies its integrity by comparing the digest.
28. What is segmentation in PGP?
o PGP segments the message after converting it to Radix-64 format, ensuring
uniform size for transmission.
29. What are key rings in PGP?
o Key rings are collections of public and private keys used for managing
communication with multiple users.
30. Why does PGP use key rings?
o To manage multiple public keys for different recipients.
o To maintain several private/public key pairs for different groups or purposes.
31. What are the steps for sending a PGP message in a community?
o Alice signs the digest with her private key.
o Alice encrypts the session key with the receiver's public key.
o Alice encrypts the message and digest with the session key.
32. What are the steps for receiving a PGP message in a community?
o Bob decrypts the session key using his private key.
o Bob decrypts the message and digest using the session key.
o Bob verifies the digest using Alice's public key.
33. What is Secure/Multipurpose Internet Mail Extension (S/MIME)?
o S/MIME is a security service designed for electronic mail that uses Cryptographic
Message Syntax (CMS) to define encoding schemes for content types.
34. What is the Signed-Data content type in S/MIME?
o This content type provides integrity for data and contains any data type along with
zero or more signature values.
o The encoded result is called a signedData object.
35. What are the steps to create a Signed-Data object in S/MIME?
o A message digest is created from the content using the hash algorithm chosen by
the signer.
o The message digest is signed with the private key of the signer.
o The content, signature values, certificates, and algorithms are collected to create
the signedData object.
36. What is the Enveloped-Data content type in S/MIME?
o This content type provides privacy for the message and contains any message type
plus zero or more encrypted keys and certificates.
o The encoded result is called an envelopedData object.