Chapter 5 Questions

1. In SSL and TLS, why is there a separate Change Cipher Spec Protocol rather
than including a change_cipher_spec message in the Handshake Protocol?

Answer:
The change cipher spec protocol exists to signal transitions in ciphering
strategies, and can be sent independent of the complete handshake
protocol exchange.

2. What purpose does the MAC serve during the change cipher spec SSL
exchange?

Answer:
To integrity protect the first set of messages where the cookies and
cipher suite information is exchanged. This will prevent a man-in-the-
middle attack in step 1 for instance, where someone can intercept the
original message and send a weaker set of crypto suites.

3. Consider the following threats to Web security and describe how each is
countered by a particular feature of SSL:

a. Brute-Force Cryptanalytic Attack: An exhaustive search of the key space for

a conventional encryption algorithm.

Answer:
The conventional encryption algorithms use key lengths up to 168 bits

b. Known Plaintext Dictionary Attack: Many messages will contain predictable

plaintext, such as the HTTP GET command. An attacker constructs a
dictionary containing every possible encryption of the known-plaintext
message. When an encrypted message is intercepted, the attacker takes the
portion containing the encrypted known plaintext and looks up the ciphertext
in the dictionary. The ciphertext should match against an entry that was
encrypted with the same secret key. If there are several matches, each of
 these can be tried against the full ciphertext to determine the right one.This
attack is especially effective against small key sizes (e.g., 40-bit keys).

Answer:
TLS protects against this attack by not really using a 40-bit key, but an
effective key of 128 bits. The rest of the key is constructed from data
that is disclosed in the Hello messages. As a result the dictionary must
be long enough to accommodate 2128 entries.

c. Replay Attack: Earlier SSL handshake messages are replayed.

Answer
This is prevented by the use of nonces.

d. Man-in-the-Middle Attack: An attacker interposes during key exchange,

acting as the client to the server and as the server to the client.

Answer:
This is prevented by the use of public-key certificates to authenticate the
communicating entities

e. Password Sniffing: Passwords in HTTP or other application traffic are

eavesdropped.

Answer:
Application data is encrypted by using the record protocol

f. IP Spoofing: Uses forged IP addresses to fool a host into accepting bogus

data.

Answer:
The spoofer must get access to the secret key as well as the forged IP
address to be able to do so which is very difficult.

g. IP Hijacking: An active, authenticated connection between two hosts is

disrupted and the attacker takes the place of one of the hosts.

Answer:
By using encryption, exchanged information is not revealed.
h. SYN Flooding:An attacker sends TCP SYN messages to request a
connection but does not respond to the final message to establish the
connection fully. The attacked TCP module typically leaves the “half-open
connection” around for a few minutes. Repeated SYN messages can clog the
TCP module.

Answer:
No protection is provided by TLS against this attack.

4. Based on what you have learned in this chapter, is it possible in SSL for the
receiver to reorder SSL record blocks that arrive out of order? If so, explain
how it can be done. If not, why not?

Answer
TLS relies on an underlying reliable protocol to assure that bytes are
not lost, duplicated or inserted. There was some discussion of
reengineering the future TLS protocol to work over datagram protocols
such as UDP, however, most people at a recent TLS meeting felt that
this was inappropriate layering and thus TLS works only over reliable
protocols such as TCP which is reliable.

5. For SSH packets, what is the advantage, if any, of not including the MAC in
the scope of the packet encryption?

Answer
This allows for the message to be authenticated before attempting
decryption, which may be more efficient.