Transport Layer Security (TLS)

These flashcards cover key concepts, processes, and definitions related to Transport Layer Security (TLS) as outlined in the provided lecture notes.

What is HTTPS an adaptation of?

HTTPS is an adaptation of HTTP for secure communication.

What is the role of TLS in secure communication?

Transport Layer Security (TLS) provides a secure channel between two communicating peers.

What cryptographic method does TLS use to ensure privacy?

TLS uses symmetric cryptography to encrypt data.

How does TLS verify the identity of the server?

The identity of the server can be verified using public-key infrastructure.

What does the integrity verification in TLS ensure?

Data integrity can be verified, meaning data loss or alteration during transmission can be detected.

What was the predecessor of TLS?

The predecessor of TLS is SSL (Secure Sockets Layer).

What is the current version of TLS?

The current version of TLS is TLS 1.3.

What is the default TCP port for HTTPS?

The default TCP port for HTTPS is 443.

What are the two main components of the TLS protocol?

The two main components of the TLS protocol are the handshake protocol and the record protocol.

What are the three main steps of the handshake protocol?

The three main steps are negotiation, key exchange, and authentication.

What algorithm is used for key derivation in TLS 1.3?

The HMAC-based Extract-and-Expand Key Derivation Function (HKDF) is used.

What is required for server authentication in TLS?

Servers must present a certificate signed by a certification authority.

What type of certificates are normally used in TLS?

X.509 certificates are normally used.

What is a pre-session key (PSK) handshake used for?

A PSK handshake allows clients to resume previous sessions by reusing exchanged keys.

How does TLS protect against message tampering?

Messages are authenticated, and integrity is verified through the use of authenticated encryption.

What does TLS do to protect against replayed or reordered messages?

Data is split into records and assigned a sequence number to verify the order.

What is HTTPS an adaptation of?

HTTPS is an adaptation of HTTP for secure communication.

What is the role of TLS in secure communication?

Transport Layer Security (TLS) provides a secure channel between two communicating peers.

What cryptographic method does TLS use to ensure privacy?

TLS uses symmetric cryptography to encrypt data.

How does TLS verify the identity of the server?

The identity of the server can be verified using public-key infrastructure.

What does the integrity verification in TLS ensure?

Data integrity can be verified, meaning data loss or alteration during transmission can be detected.

What was the predecessor of TLS?

The predecessor of TLS is SSL (Secure Sockets Layer).

What is the current version of TLS?

The current version of TLS is TLS 1.3.

What is the default TCP port for HTTPS?

The default TCP port for HTTPS is 443.

What are the two main components of the TLS protocol?

The two main components of the TLS protocol are the handshake protocol and the record protocol.

What are the three main steps of the handshake protocol?

The three main steps are negotiation, key exchange, and authentication.

What algorithm is used for key derivation in TLS 1.3?

The HMAC-based Extract-and-Expand Key Derivation Function (HKDF) is used.

What is required for server authentication in TLS?

Servers must present a certificate signed by a certification authority.

What type of certificates are normally used in TLS?

X.509 certificates are normally used.

What is a pre-session key (PSK) handshake used for?

A PSK handshake allows clients to resume previous sessions by reusing exchanged keys.

How does TLS protect against message tampering?

Messages are authenticated, and integrity is verified through the use of authenticated encryption.

What does TLS do to protect against replayed or reordered messages?

Data is split into records and assigned a sequence number to verify the order.

What is the primary function of a Certificate Authority (CA)?

A CA issues and signs digital certificates, attesting to the ownership of a public key by the named subject of the certificate.

When is client authentication used in TLS?

Client authentication is used when the server needs to verify the identity of the client, usually via a client-side certificate.

What is the purpose of the record protocol in TLS?

The record protocol handles the fragmentation, compression (optional), encryption, and MAC (Message Authentication Code) protection of application data.

Why was TLS developed as a successor to SSL?

TLS was developed to address security vulnerabilities found in SSL and to provide a more robust and extensible secure communication protocol.

What is HTTPS an adaptation of?

HTTPS is an adaptation of HTTP for secure communication.

What is the role of TLS in secure communication?

Transport Layer Security (TLS) provides a secure channel between two communicating peers.

What cryptographic method does TLS use to ensure privacy?

TLS uses symmetric cryptography to encrypt data.

How does TLS verify the identity of the server?

The identity of the server can be verified using public-key infrastructure.

What does the integrity verification in TLS ensure?

Data integrity can be verified, meaning data loss or alteration during transmission can be detected.

What was the predecessor of TLS?

The predecessor of TLS is SSL (Secure Sockets Layer).

What is the current version of TLS?

The current version of TLS is TLS 1.3.

What is the default TCP port for HTTPS?

The default TCP port for HTTPS is 443.

What are the two main components of the TLS protocol?

The two main components of the TLS protocol are the handshake protocol and the record protocol.

What are the three main steps of the handshake protocol?

The three main steps are negotiation, key exchange, and authentication.

What algorithm is used for key derivation in TLS 1.3?

The HMAC-based Extract-and-Expand Key Derivation Function (HKDF) is used.

What is required for server authentication in TLS?

Servers must present a certificate signed by a certification authority.

What type of certificates are normally used in TLS?

X.509 certificates are normally used.

What is a pre-session key (PSK) handshake used for?

A PSK handshake allows clients to resume previous sessions by reusing exchanged keys.

How does TLS protect against message tampering?

Messages are authenticated, and integrity is verified through the use of authenticated encryption.

What does TLS do to protect against replayed or reordered messages?

Data is split into records and assigned a sequence number to verify the order.

What is the primary function of a Certificate Authority (CA)?

A CA issues and signs digital certificates, attesting to the ownership of a public key by the named subject of the certificate.

When is client authentication used in TLS?

Client authentication is used when the server needs to verify the identity of the client, usually via a client-side certificate.

What is the purpose of the record protocol in TLS?

The record protocol handles the fragmentation, compression (optional), encryption, and MAC (Message Authentication Code) protection of application data.

Why was TLS developed as a successor to SSL?

TLS was developed to address security vulnerabilities found in SSL and to provide a more robust and extensible secure communication protocol.

How are symmetric and asymmetric cryptography used together in TLS?

Asymmetric cryptography is used during the TLS handshake for key exchange and authentication, while symmetric cryptography is used for the bulk encryption of data during the session.

What is the role of the server's private key during the TLS handshake?

The server's private key is used to decrypt the pre-master secret from the client (in RSA key exchange) or to digitally sign the key exchange parameters (in Diffie-Hellman key exchange) to prove its identity.

What essential information does an X.509 certificate contain?

An X.509 certificate contains the public key of the subject, information about the subject (e.g., domain name), information about the issuer (CA), and a digital signature from the CA.

What is 'forward secrecy' in the context of TLS?

Forward secrecy ensures that a compromise of the server's long-term private key does not compromise past session keys, meaning past communications remain secure even if keys are later exposed.

What is a 'cipher suite' in TLS?

A cipher suite is a set of algorithms that TLS uses to facilitate secure communication, specifying algorithms for key exchange, authentication, bulk encryption, and message authentication code (MAC).