Consider the following threats to Web security and describe how each is countere
ID: 3824006 • Letter: C
Question
Consider the following threats to Web security and describe how each is countered by a particular feature of TLS.
a.Brute-Force Cryptanalytic Attack: An exhaustive search of the key space for a conventional encryption algorithm..
b.Known Plaintext Dictionary Attack: Many messages will contain predictable plaintext, such as the HTTP GET command. An attacker constructs a dictionary containing every possible encryption of the known-plaintext message. When an encrypted message is intercepted, the attacker takes the portion containing the encrypted known plaintext and looks up the ciphertext in the dictionary. The ciphertext should match against an entry that was encrypted with the same secret key. If there are several matches, each of these can be tried against the full ciphertext to determine the right one. This attack is especially effective against small key sizes (e.g., 40-bit keys)..
c.Replay Attack: Earlier TLS handshake messages are replayed.
d.Man-in-the-Middle Attack: An attacker interposes during key exchange, acting as the client to the server and as the server to the client.
e.Password Sniffing: Passwords in HTTP or other application traffic are eavesdropped.
f.IP Spoofing: Uses forged IP addresses to fool a host into accepting bogus data.
g.IP Hijacking: An active, authenticated connection between two hosts is disrupted and the attacker takes the place of one of the hosts.
h.SYN Flooding:An attacker sends TCP SYN messages to request a connection but does not respond to the final message to establish the connection fully. The attacked TCP module typically leaves the “half-open connection” around for a few minutes. Repeated SYN messages can clog the TCP module.
Explanation / Answer
a. SSL uses symmetric one-time session keys and it will have the capability to negotiate a stronger cipher to be used during session.
b. SSL uses per session random numbers to generate on both client and server side. the session key. It helps in randomizing the cipher text.
c. The random numbers used in each session has the first 4 bytes as the time stamp, so they are different for each session
d. Mutual authentication with certificates.
e. Passwords are encrypted.
f. SSL does not use IP addresses to authenticate the client and server
g. If the attacker performs any hizag operations like the connection after authentication, he has no way of knowing the encryption key. Therefore, the Alert protocol will detect if the attacker tries to send data as a legitimate user and closes the connection eventually. Even if the attacker hijacks it during handshaking, the attacker does not know the password and hence cannot succeed during the password authentication phase.
h. Can not be defeated. SSL is not stateless and working on top of TCP