Review Videos for Lecture 19: TCP + TLS

• Summer 2020 Slides (TCP)
• Summer 2020 Slides (TLS)
• Playlist (length: 1:45:44)

Best Effort Delivery

TCP Bytestreams

Ports

TCP Sequence Numbers

TCP Handshake

UDP

TCP RST Injection

TCP Data Injection

What obstacles does an on-path attacker need to overcome to inject data into a TCP connection?

The on-path attacker needs their injected packet to reach the victim before the legitimate packet (win the race condition).

Note that the on-path attacker already knows the correct sequence numbers because they can see all the victim’s traffic.

TCP Off-path Attacks

In a blind spoofing attack, does the off-path attacker need to guess the sequence number or the acknowledgement number when sending the ACK part of the handshake?

The attacker will know the sequence number to use, since they chose the initial sequence number in the SYN they sent. The attacker needs to guess the acknowledgement number, since the server sent the SYN-ACK with this value to the victim instead of the attacker.

Summary of TCP Security Issues

Intro to TLS

(True/False) TLS sits on top of UDP

False - TCP

TLS on the Web

(True/False) You use TLS when you visit http://foo.com

False. Only sites with https are visited using TLS

RSA TLS

In RSA TLS, which party generates the Premaster Secret? How is it sent to the other party?

The client generates the Premaster Secret and uses the server’s public encryption key to encrypt and send it to the server.

Ephemeral Diffie Hellman TLS

(True/False) In DH TLS, one party could force the Premaster Key to be a specific value

False. Both parties contribute randomness

DH vs. RSA TLS and Forward Secrecy

(True/False) RSA TLS can be made to have forward secrecy by making sure to pick a new Premaster Secret on each handshake

False. The problem is the server’s static asymmetric key not the PS. The PS is always randomly generated.

Certificates

(True/False) Even if an attacker is a MiTM, they can't fake a valid certificate

True. This follows from the properties of signatures